Extracted

• • Target

    2563cc3dc3b2605db20e7c24f26d43bd_JaffaCakes118

  • Size

    1.4MB

  • MD5

    2563cc3dc3b2605db20e7c24f26d43bd

  • SHA1

    ef73cf99045943545cba7a1d460e264fbcf4abf2

  • SHA256

    b69dde83966db018e413be9a65c7a11b9a8ae1f15e3b4998bf264541248b6af5

  • SHA512

    d2edd7e30444307ef27c83babc675026c73ed2164804bb85ceb921c34b2686bc808175c2155fa558b1c323c6934e2868555bd531373c845e2a9c3cde7aa5376e

  • SSDEEP

    24576:K9b43Bo7xvu2Ui+mBvqvtEWvRk8Ml6uOdb/3:e4S7xui/wRk9suQ73

  Score

  10^/10

  darkcometguest16persistencerattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Modifies WinLogon for persistence

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2